Hello,

On 28.4.2013 19:50, Jakub Hrozek wrote:
> >get a single machine to be able to perform any update, and have this as
> >one of the entries in my "bind update policy":
> >grant SERVICE\047foreman.collmedia....@collmedia.net  wildcard * ANY;


The string "SERVICE/ipaserver.example....@example.com" in the example is the full principal name, including the Kerberos REALM. The string "SERVICE" has to be replaced with the real service name.

Everything is case sensitive!

See http://www.zytrax.com/tech/survival/kerberos.html#terminology for some Kerberos basics.

Your zone update policy should include something like "grant
host/\047foreman.collmedia....@collmedia.net  wildcard * ANY;"

This example contains an error: the character '/' in the principal name has to be replaced with "\047". The corrected example is:
"grant host\047foreman.collmedia....@collmedia.net  wildcard * ANY;"

--
Petr^2 Spacek
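
The points made in the message above (the '/' written as "\047", the SERVICE placeholder, the realm and case sensitivity), turned into a small check for update policy strings. This is an added example, not part of the original message and not FreeIPA or BIND code; the function names, the example.com hosts and the EXAMPLE.COM realm are constructed, and only the principal field of each grant statement is inspected.

```python
SLASH_ESCAPE = "\\047"  # '/' is ASCII 47; the policy string carries it as \047


def escape_principal(principal):
    """Write a Kerberos principal the way the update policy expects it."""
    return principal.replace("/", SLASH_ESCAPE)


def lint_update_policy(policy, realm):
    """Return (statement, problem) pairs for a ';'-separated update policy.

    Only the points from the message are checked; `realm` is the expected
    realm, compared case-sensitively.
    """
    findings = []
    for stmt in (s.strip() for s in policy.split(";")):
        if not stmt:
            continue
        tokens = stmt.split()
        if len(tokens) < 2 or tokens[0] != "grant":
            findings.append((stmt, "not a 'grant <principal> ...' statement"))
            continue
        identity = tokens[1]
        name, at, found_realm = identity.rpartition("@")
        if "/" in identity:
            findings.append((stmt, "raw '/' in principal, write it as \\047"))
        if not at:
            findings.append((stmt, "principal has no @REALM part"))
        elif found_realm != realm:
            findings.append((stmt, "realm differs from %s (case sensitive)" % realm))
        if name.startswith("SERVICE"):
            findings.append((stmt, "placeholder SERVICE was not replaced"))
    return findings


# Constructed sample policy: three faulty statements and one correct one.
SAMPLE_POLICY = (
    "grant host/\\047client1.example.com@EXAMPLE.COM wildcard * ANY; "
    "grant SERVICE\\047client2.example.com@EXAMPLE.COM wildcard * ANY; "
    "grant host\\047client3.example.com@EXAMPLE.COM wildcard * ANY; "
    "grant host\\047client4.example.com@example.com wildcard * ANY;"
)

if __name__ == "__main__":
    for stmt, problem in lint_update_policy(SAMPLE_POLICY, "EXAMPLE.COM"):
        print(problem, "->", stmt)
```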
